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Abstract — The growth and development of computing technology in the business Organization 
and institutions is very effective and admirable. This leads to the requirement of security systems 
that prevent unauthorized entry. Firewall is one of the growth and development of computing 
technology in the business competing security mechanisms to secure all the information through the 
internet of the private network. The effectiveness of the firewall system depends on the 
configurations of the firewall. In this paper, we represent an innovative policy anomaly 
management framework for firewalls, adopting a rule -based segmentation technique to identify 
policy anomalies and derive effective anomaly resolutions. And also here we introduce a captcha 
supported firewall system to check the human access or the programmatic access .it permits only the 
human user to access the firewall policies with cost effective and less computation time. 
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INTRODUCTION 

With the global Internet connection, network security has gained significant attention in research 
and industrial communities. Due to the increasing threat of network attacks, firewalls have become 
important elements not only in enterprise networks but also in small-size and home networks. 
Firewalls have been the frontier defense for secure networks against attacks and unauthorized traffic 
by filtering out unwanted network traffic coming from or going to the secured network. The 
filtering decision is based on a set of ordered filtering rules defined according to predefined security 
policy requirements [1]. Policy analysis tools, such as Firewall Policy Advisor [1] and FIREMAN 
[5], with the goal of detecting policy anomalies have been introduced. Firewall Policy Advisor only 
has the capability of detecting pairwise anomalies in firewall rules. FIREMAN can detect anomalies 
among multiple rules by analyzing the relationships between one rule and the collections of packet 
spaces derived from all preceding rules. However, FIREMAN also has limitations in detecting 
anomalies [3]. 



For each firewall rule, FIREMAN only examines all preceding rules but ignores all subsequent 
rules when performing anomaly analysis. In addition, each analysis result from FIREMAN can only 
show that there is a misconfiguration between one rule and its preceding rules, but cannot accurately 
indicate all rules involved in an anomaly. 



In this paper we are using FAME tool First, FAME provides a grid-based visualization technique 
to accurately represent conflict diagnostic information and the detailed information for unresolved 
conflicts that are very useful, even for manual conflict resolution. Second, FAME resolves conflicts 
in each conflict correlation group independently. That means a system administrator can focus on 
analyzing and resolving conflicts belonging to a conflict correlation group individually. 



This paper is organized as follows: In section n presents policy maintenance. In section IE 
describes segmentation and classification. In section IV represent the representation of policy 
anomaly. 

In section V, VI, VII we articulate our policy anomaly management framework. Also In section VIII 
we introduce the captcha technique. 
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I. POLICY MAINTENANCE 



A. Insert rule 

It is used for inserting a new rule in the policy by using the following parameters. Rule id, 
Protocol, Source Ip, Source port, Destination Ip , Destination port 

B. Update rule 

Update rule is used for updating a rule in the policy based on action constraint 

C. Load policy 

Load policy is used to load the pre -defined policy from anywhere. 

D. Delete rule 

Delete rule is used to delete the rule from the policy based on action constraint. 



II. SEGMENTATION AND CLASSIFICATION (using rule based segmentation technique) 
A. Subset 

A part of a larger group of related things or a set of which all the elements are contained in another 
set. 



B. Super set 




A set that includes another set or sets 


C. Partial match 




Show entries that are similar to the rule you are searching or containing it. 


D. Disjoint 





Two sets are said to be disjoint if they have no element in common. 



The algorithm for rule based algorithm is shown below 

Algorithm 1: Segment Generation for Network packet 
Space of a set of Rule R:Partition(R) 
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space,S = set of packet space segment. 























HI. REPRESENTATION OF POLICY ANOMALY 



A. Overlap 

Two spaces overlap when the packets matching two corresponding rules intersect. An 
overlapping relation may involve multiple rules are Non conflict overlapping have the same action 
Conflict overlapping which may conflict with each other 

B. Non overlap 

Each non overlapping segment associates with one unique rule. 
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IV. ANOMALY MANAGEMENT FRAMEWORK 



The block diagram describe the anamoly management framework is shown in Figure 1 . 



Paekel Space Segmentation 



Conflicting Segmenl 
Identification & Correlation 



Action Constraint 
Generation 



Conflicting Rule 
Reordering 



Conflict Detection 
L Resolution 



J 



Overlap Correlation 



Property Assignment 



Redundancy Identification 
and Elimination 



Redundancy Dificworv 
i Removal 



Fig . 1 . Anamoly management framework 



V. Conflict detection and resolution 



A. Conflicting segment identification 

Conflicting segments are identified in the first step. Each conflicting segment associates with a 
policy conflict and a set of conflicting rules. 

B. Correlation 

We cannot resolve a conflict individually by only reordering conflicting rules associated with one 
conflict without considering possible impacts on other conflicts. On the other hand, it is also 
inefficient to deal with all conflicts together by reordering all conflicting rules simultaneously. 
Therefore, it is necessary to identify the dependency relationships among packet space segments for 
efficiently resolving policy anomalies. 
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The major benefit of generating correlation groups for the anomaly analysis is that anomalies can 
be examined within each group independently, because all correlation groups are independent of 
each other. Especially, the Searching space for reordering conflicting rules in conflict resolution can 
be significantly lessened and the efficiency of resolving conflicts can be greatly improved. 

C. Action constraint generation 

Our conflict resolution mechanism introduces that an action constraint is assigned to each 
conflicting segment. An action constraint for a conflicting segment defines a desired action (either 
Allow or Deny) that the firewall policy should take when any packet within the conflicting segment 
comes to the firewall. Then, to resolve a conflict, we only assure that the action taken for each 
packet within the conflicting segment can satisfy the corresponding action constraint. 



RL{at) 



a x |F(cs) 



C. Conflicting rule reordering 



The most ideal solution for conflict resolution is that all action constraints for conflicting 
segments can be satisfied by reordering conflicting rules. In other words, if we can find out 
conflicting rules in order that satisfies all action constraints, this order must be the optimal solution 
for the conflict resolution. Unfortunately, in practice action constraints for conflicting segments can 
only be satisfied partially in some cases. 



VI. Redundancy discovery and removal 



Overlap correlation: In this step the overlap correlation group is detected. Property assignment: In 
this step, every rule subspace covered by a policy segment is assigned with a property. Four property 
values, removable (R), strong irremovable (SI), weak irremovable (WI), and correlated (C), are 
defined to reflect different characteristics of each rule subspace. Removable property is used to 
indicate that a rule subspace is removable. Redundancy identification and elimination: The 
removable rules are identified and removed. 
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VIH.CAPTCHA 



Captcha is a type of challenge-response test used in computing as an attempt to ensure that the 
response is generated by a person. The process usually involves a computer asking a user to 
complete a simple test which the computer is able to grade. These tests are designed to be easy for a 
computer to generate, but difficult for a computer to solve, so that if a correct solution is received, it 
can be presumed to have been entered by a human. A common type of CAPTCHA requires the user 
to type letters or digits from a distorted image that appears on the screen, and such tests are 
commonly used to prevent unwanted internet bots from accessing websites. 



In this paper, we have proposed a novel anomaly management framework that facilitates 
systematic detection and resolution of firewall policy anomalies. A rule-based segmentation 
mechanism and a grid-based representation technique were introduced to achieve the goal of 
effective and efficient anomaly analysis. In addition, we have described a proof-of-concept 
implementation of our anomaly management environment called FAME and demonstrated that our 
proposed anomaly analysis methodology is practical and helpful for system administrators to enable 
an assurable network management. A common type of CAPTCHA requires the user to type letters 
or digits from a distorted image that appears on the screen, and such tests are commonly used to 
prevent unwanted internet bots from accessing websites 
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